#CyberFLASH: Poorly secured smart home devices and wearables are a potential launch pad for cyber threats

You should be able to trust your garage door opener, but in the age of the Internet of Things (IoT), it and other smart-connected devices are entry points for hackers and other ne’er-do-wells.

While security in the automotive sector is top of mind given recent vehicle hacks, and the FDA highly regulates medical devices, consumer connected home and wearable technology products are a segment where security is looser, and that’s why it’s the focus of the non-profit Online Trust Alliance (OTA), which found that 100 per cent of recently reported IoT vulnerabilities were easily avoidable.

Specifically, OTA found that had device manufacturers and developers implemented the security and privacy principles outlined in the OTA IoT Trust Framework, the recently reported susceptibilities would have never occurred or been mitigated, said OTA executive director and president Craig Spiezle.

This conclusion was based on OTA researchers analyzed publicly reported device vulnerabilities from November 2015 through July 2016 to determine if an OTA IoT Trust Framework principle could have averted them. Comprised of 31 baseline principles, the framework is a t global, multi-stakeholder effort to address IoT risks comprehensively. Spiezle said the development of the framework has the OTA working with a number of unanticipated groups, including retailers looking to educate customers on connected home products, and realtors selling connected homes full of smart devices, such as garage door openers, appliances and thermostats.

OTA began developing the framework in February 2015, and released it formally in March 2016. This release reflected feedback from nearly 100 organizations including ADT, Microsoft, Device Authority, the National Association of Realtors, Symantec, Infoblox, consumer and privacy advocates, international testing organizations, academic institutions, and U.S. governmental and law enforcement agencies. “The ultimate goal of this framework is to set the foundation for some sort of certification program that people can test against,” said Spiezle.